<?php
require_once('../inc/init.php');
$user=strFilter($_GET['user']);
$time=numFilter($_GET['time']);
$remark=strFilter($_GET['remark']);
$api=strFilter($_GET['api']);
$sign=strFilter($_GET['sign']);

if(time()-$time>3600){
	printMsgTips('url_expire');
}

function verifySign($parm_user, $parm_time, $parm_remark, $parm_api, $parm_sign){
	global $cache_settings;
	$key=$cache_settings['apikey'][$parm_api];
	$sign_result=md5($parm_user.$parm_time.$parm_remark.$parm_api.$key);
	return $parm_sign==$sign_result;
}

function printMsgTips($tip){
	echo "<html><head><title>系统错误</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />";
	echo "<body>\r\n";
	echo("系统错误：".$tip);
	echo "</body></html>";
}

$isSign=verifySign($user, $time, $remark, $api, $sign);

if($isSign){
	$row=$db->row_select_one("users","username='{$user}'","id,username,userpass,groupid,logintime,postsnum,credits1,credits2,credits3,credits4,credits5,credits6,credits7,credits8");
	if(empty($row)){
		printMsgTips('用户名不存在.');
	}else{
		if($row['groupid']==GROUP_NOVERIFY){	//待验证
			printMsgTips('用户待验证');
		}elseif($row['groupid']==GROUP_NOVISIT){	//禁止访问
			printMsgTips('用户被禁止访问.');
		}elseif($row['groupid']==GROUP_VERIFYFAILED){	//验证失败
			printMsgTips('用户验证失败.');
		}else{
			if(numFilter($row['groupid'])<=80){
				$allmark=getAllCredits($cache_settings['creditsexpression'], $row);
				$row_group=$db->row_select_one("groups","({$allmark} BETWEEN marklower AND markhigher) and (groupid BETWEEN 1 AND 80)","groupid");
				if(empty($row_group)){
					printMsgTips('系统找不到用户组.');
				}else{
					$row['groupid']=$row_group['groupid'];
				}
			}
			$userpass = $row['userpass'];
			
			//更新登录时间
			$newrow["lastlogintime"] = $row["logintime"];
			$newrow["logintime"] = time();
			$newrow['groupid'] = $row['groupid'];
			$db->row_update("users",$newrow,"id={$row['id']}");
			
			//更新在线数据
			$db->row_delete("online","ip='".getIP()."'");
			
			$t=0;
			if($userrem=="y"){
				$t=3600*24*365;
			}
			$_SESSION['userid'] = $row['id'];
			$_SESSION['groupid'] = $row['groupid'];
			setCookies('username', $row['username'], $t);
			setCookies('userpass', $userpass, $t);
			setCookies('userauth', md5($row['username'].$userpass.$cache_settings['salt']), $t);
			setCookies('userhidden', $userhidden, $t);
			setCookies('expire', $t, $t);
			_header_("location:../index.php" );
		}
	}
}else{
	printMsgTips('签名验证不通过.');
}
?>